The remote host is missing an update to php5announced via advisory USN-424-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.10Ubuntu 6.06 LTSUbuntu 6.10

This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.

Details follow:

Multiple buffer overflows have been discovered in various PHP modules.If a PHP application processes untrusted data with functions of thesession or zip module, or various string functions, a remote attackercould exploit this to execute arbitrary code with the privileges ofthe web server. (CVE-2007-0906)

The sapi_header_op() function had a buffer underflow that could beexploited to crash the PHP interpreter. (CVE-2007-0907)

The wddx unserialization handler did not correctly check for somebuffer boundaries and had an uninitialized variable. By unserializinguntrusted data, this could be exploited to expose memory regions thatwere not meant to be accessible. Depending on the PHP application thiscould lead to disclosure of potentially sensitive information.(CVE-2007-0908)

On 64 bit systems (the amd64 and sparc platforms), various printfunctions and the odbc_result_all() were susceptible to a formatstring vulnerability. A remote attacker could exploit this to executearbitrary code with the privileges of the web server. (CVE-2007-0909)

Under certain circumstances it was possible to overwrite superglobalvariables (like the HTTP GET/POST arrays) with crafted session data.(CVE-2007-0910)

When unserializing untrusted data on 64-bit platforms thezend_hash_init() function could be forced to enter an infinite loop,consuming CPU resources, for a limited length of time, until thescript timeout alarm aborts the script. (CVE-2007-0988)

Solution:The problem can be corrected by upgrading your system to thefollowing package versions: